It starts innocently enough. An email from a colleague with a link to an article they thought you’d like. But when you click on it, your troubles start.

It’s not The Australian or The New York Times that you’re taken to. Instead, you’re directed to a screen that tells you all of the data stored on your computer has been encrypted. Worse still, you’re not going to get it back unless you pay. And to top it off, for every 30 minutes you delay, a piece of data will be destroyed or the price of having it unlocked will increase.

What’s happened is that you’ve just downloaded dangerous ransomware to your system. And ransomware is on the rise. 

How ransomware works

Unlike other cyber-attacks which tend to try to steal your data (especially your financial data), ransomware is – at least in one sense – decidedly low-tech in its approach. It’s the cyber equivalent of kidnapping, it’s just that instead of taking people hostage, the scammers hold your data.

They do this by introducing a file to your computer, often via a fake email link. Like our scenario above, scammers using ransomware often ‘scrape’ people’s social media profiles or company websites to impersonate someone close to them. Alternatively, they may try to introduce ransomware onto your computer through a fake warning ‘pop up’, which tells you that you have been engaging in illegal activity. The only thing you can do to remedy it is to select the link.

Whichever method the scammers use to expose you to ransomware, the result is the same: when you click on a link to find out more, the ransomware injects a script onto your machine which encrypts all your files and locks you out from accessing them. To get them back, you’ll usually have to deposit bitcoin into the scammers’ accounts – although some enterprising scammers will offer a range of payment options, including credit cards.

What if this happens to you?

The most immediate question becomes whether or not to pay the scammers to get your files back. Many people choose to do so.

In 2013, the most famous ransomware, Cryptolocker, reportedly made its developers more than US$30 million in just 100 days. 

Globally, the construction industry is the most targeted by ransomware. In a report by IT company Datto they found that the ups and downs of the economy and rarity of recurring revenue has impacted the construction industry’s ability to protect itself from ransomware. The report by Datto also found that the number of ransomware attacks against small to medium businesses is on the rise, with 91 per cent of managed service providers in Australia and New Zealand reporting attacks against small to medium businesses, the highest rate globally.

But that doesn’t mean you should pay.

The good news is that as ransomware becomes more common, there has been an increase in free decrypting software being posted online, which will do the job for you. However, decrypting software isn’t available for every type of ransomware.

Another option may be to pay an IT professional to take it off for you (although you may still lose data unless you have backups). However, that’s likely to be more expensive than paying off the scammers. At least, that’s what they’re counting on.

But, by not doing so, you’re putting money into the hands of criminals and encouraging them to continue with their scam.

The best software can usually detect and block the scammer...

The best approach

The most effective way to guard against ransomware is to back-up computers regularly. If you have good back-up processes and keep multiple copies of every file you make, you’ll minimise the amount of damage ransomware does to your files. In fact, even if you don’t pay the ransom or pay for an IT expert to decrypt your files, the only data you’ll lose should be anything created or modified since the last back-up.

For this reason, computer experts recommend automatic, incremental online back-ups as a good weapon against ransomware.

Another important step in protecting against ransomware is to always have the latest version of reputable anti-virus software installed on your system. The best software can usually detect and block the scammer from activating some of the more common (and most harmful) forms of ransomware.

Beyond that, your business should also have a strictly enforced workplace policy when it comes to cyber safety, which includes not opening files or clicking on links that you are not 100 per cent certain of.

Want to know more?

Ransomware presents a real and increasing threat to financial advisers and accountants. But it’s also a threat that can be minimised, simply by backing up data on a regular basis.

Still, there’s no substitute for stopping attacks before they occur, which means exercising caution across your business, as well as making sure you stay up-to-date with the latest threats on the Scamwatch website.

Talk to a specialist

Fill out our form so we can connect you with the right banking specialist.


Dealer operations

Monday to Friday 9am – 5pm (Sydney time)

1800 660 025

Vehicle finance

Monday to Friday 9am – 5pm (Sydney time)

1800 257 284

Additional information

Any information on this page in relation to mortgages has been prepared by Macquarie Securitisation Limited (MSL) Australian Credit Licence (ACL) 237863 ACN 003 297 336.

Unless stated otherwise, this information has been prepared by Macquarie Bank Limited ABN 46 008 583 542 AFSL and Australian Credit Licence 237502.

This information is provided for the use of licensed and accredited brokers and financial advisers only. In no circumstances is it to be used by a potential client for the purposes of making a decision about a financial product or class of products.